REMARKS

These remarks are submitted in response to the Final Office Action mailed on October 
17, 2007. Reconsideration and allowance of this application, as amended, is respectfully 
requested in view of the remarks that follow. 

The three independent claims 1, 17, and 22 are of similar scope - claim 1 is a method
claim, while claims 17 and 22 are apparatus claims. Claim 22 differs from claim 17 in that it 
contains "means for" terminology. These three independent claims will be discussed together in 
the discussion which follows. Representative claim 1 will be the focus of the discussion below. 

All of the Claims stand rejected under 35 USC § 103(a) as obvious in view of the
combination of U.S. Published Application No. US 2002/0257267 A1 filed by John L. Williams,
et al. on February 13, 2004 (claiming the priority of provisional application No. 60/448,313,
filed on Feb. 14, 2003) with U.S. Patent No. US 6,229,540 B1 which issued to Daniel L. Tunelli,
et al. on May 8, 2001.

A. The Final Rejection Is Applicable to Former Claim 2, Which Has been 
Cancelled - It Is Not Applicable to Former Claim 3, the Limitations of Which Are Now 
Part of All the Independent Claims Before the Examiner 

Statements made by the Examiner in the "Response to Arguments" portion of the
Examiner's final rejection make it clear that the Examiner is reading claim 1 incorrectly. He is
reading into claim 1 the limitations of former claim 2 (which has been cancelled). He is not
responding to the fact that claim 1 and all the other independent claims, as amended, now
include the additional and very different limitations of former claim 3. The limitations
introduced by claim 3 are not to be found in the art cited by the Examiner.

Former claim 2 called for the results of an audit of the computers in an enterprise to be
compared to "industry standards applicable to the relevant peer group of enterprises." Having
recognized after the initial rejection of this application that the Williams, et al. prior-art clearly
does teach precisely this, applicants previously cancelled claim 2 from this application.
Applicants then narrowed claim 1 and all of the other independent claims by adding to them the
limitations of former claim 3.

In his Final Rejection (page 5, line 12 to page 6, line 6), the Examiner points out that the
Williams, et al. application compares the configurations of computers in a nationwide network of
computers to "pre-establish[ed] policies" made up of "one or more rules" which are "designed to
help meet the exacting standards of industry organizations such as the government, healthcare
organizations, financial services organizations, . . . ." From this, the Examiner concludes that the

. . . policy lab which consists of policy repository resides in the compliance server.
All the standard enterprises information are pre-stored in the policy library.
(Final Rejection, page 6, lines 6-11)

If claim 1 called for the results of an audit to be compared to "pre-established policies" made up
of "rules" which reflect "the exacting standards of industry organizations such as the
government," the Examiner's final rejection of the claims would be fully justified. But this is
not the case.

Contrary to what the Examiner has concluded, this is not how the present invention 
works, as the invention is defined by claim 1 (as amended to include the limitations of former 
claim 3) and by the specification. 

Claim 1 does NOT call for the results of an enterprise audit to be compared to any 
"exacting standards of industry organizations." Quite contrary to this, claim 1 calls for the 
results of an enterprise audit to be compared to the combined results of separately-conducted 
enterprise audits of other enterprises in the same industry (or in a similar industry). Accordingly, 
there is no need for "rules" that reflect published "standards of industry organizations," and
there is no need to manually encode such rules or standards into "both English and in a machine-
processable language," to quote a passage from Williams, et al. that the Examiner has cited in his
Final Rejection (page 5, lines 11-15).

Atty. Dkt. No. 10013526-1

The beauty of the present invention, as claimed in amended claim 1, is that no such rules
or published standards of industry organizations need to be referred to. For example, in the field
of health care, all computers containing patient information must comply with "national
standards for electronic health care transactions" that were established by the Health Insurance
Portability and Accountability Act (HIPAA) of 1996. To implement a security auditing system 
such as that described in the Williams, et al. prior art, skilled computer programmers would have 
to spend months studying the HIPAA rules and regulations to create some form of expert 
auditing system that would test the security of each computer in an enterprise directly against a 
program reflecting the HIPAA rules. This would be a very difficult, expensive task. And 
whenever the HIPAA rules were revised, the programmers would have to come back and revise 
their programs accordingly. 

The present invention bypasses all of this unnecessary work by taking an entirely 
different approach to the task of auditing the computers in an enterprise. The HIPAA rules and
regulations do not need to be studied by the auditors, and special HIPAA programs reflecting 
those rules and regulations are not required. Here is how the present invention operates: 

Claim 1 as amended, boiled down to its essentials, specifically calls for the following 
security audit steps to be performed: 

collecting security information from the nodes of the enterprise under
audit;

analyzing the security information and providing a first result of this 
analysis; and 

comparing this first result with a second result ... the second result 
comprising information derived from information previously obtained through 
application of the collecting and analyzing steps to two or more enterprises in [a] 
relevant peer group .... 

Hence, the present invention does not require any "standards of industry organization" to
be located and encoded by skilled programmers into machine-readable rules that can then govern
each security audit. Instead, the present invention begins with multiple enterprises or companies
all of which are active in the same field or "peer group" - healthcare, for example. The present
invention, as defined above in claim 1, applies the collecting and analysis steps to all (or to a
sampling) of the computers found in each of the multiple healthcare enterprises. The invention
then goes back and compares the results of analyzing each enterprise to the results of analyzing
all of the enterprises together. In essence, the security audit of each individual health care
enterprise is compared to the security audits of all of the other health care enterprises taken
collectively. The result, as is clearly illustrated in Figure 6 of the patent, is a comparison of how
good the security of each audited enterprise is in comparison to the "industry average." Each
enterprise's security is thus judged against the security of other "peer group" enterprises - not
against some complex technical standard established by an industry organization or by
legislation (as in the case of HIPAA).

The specification clearly explains this in paragraph 53: 

[0053] In step 110, the enterprise [or company] 202's security configuration
information about elements or classes of elements is evaluated and analyzed to
determine the level of security that is maintained within the field nodes [or
computers] 208, 210, and 212 of the enterprise 202. As part of this evaluation process,
a security analyzer residing on the server 222 calls upon analyzers contained within an
analyzer database 224 to investigate particular security configuration information that is
associated with particular managed elements or classes of elements present on each field
node 208, 210, and 212. ... Following step 110, the results of this evaluation, and in
particular any information defining security issues identified by the analyzers, are
compared in step 112 to the results of prior analysis of security information
gathered previously from a relevant peer group of other similar enterprises,
companies, or agencies involved in the same or in a similar industry as the
enterprise being audited, or otherwise having security needs that are similar to those of 
the enterprise being audited. The results of prior analyses of the relevant peer group are 
sometimes referred to as the "industry standards security information" which may be 
conveniently stored in an industry standards (or peer group) information database 114. ... 

Neither the Williams, et al. prior-art reference nor the Tunelli et al. prior-art reference (U.S. 
Patent No. 6,229,540) teaches anything comparable to this. 

Accordingly, the Examiner is respectfully requested to reconsider his rejection of the 
claims presently before him. Early and favorable action is respectfully requested. 

B. The Examiner Must Accept Applicant's Precise Definition of the Term
"Enterprise." Accordingly, the Williams, et al. Prior Art Discloses Only One
"Enterprise" and Not Multiple "Enterprises"

In his "Response to Arguments," the Examiner quotes extensively from the
Williams, et al. prior art, and then he says (Final Rejection, page 5, lines 1-4):

From all these cited paragraphs it is clear that each one of these 
audit servers acting as an individual enterprise which are separated by 
firewalls between them. 

The Examiner, accordingly, mistakenly concludes that Figure 1 of the Williams et al.
prior art discloses multiple enterprises, one located in each city shown, with each
enterprise separated from an international network by a firewall. With all due respect,
Figure 1 of the Williams et al. prior art discloses only a single enterprise - not multiple
enterprises, as is required by all of the claims.

In the Williams et al. prior art, Figure 1 discloses the computers of employees of a
single corporation distributed to sites in three cities - New York, Chicago, and London.
The Examiner views the computers in each of these three cities as separate "Enterprises."
Because all the computers shown in Figure 1 are networked together and are the
computers of people belonging to a single "Corporation" or organization of people, all
the computers shown in Figure 1 form only a single "enterprise" as that term is defined
in the "Definitions" section of the present application. Accordingly, the Williams, et al.
prior art fails to disclose multiple enterprises as is required by all the independent claims.

It is established law that a patent applicant may define terms in the specification 
of a patent and then use those terms in the claims. Such terms, when used in the claims, 
must be given the meaning that is assigned to them in the specification, rather than their 
ordinary and customary meaning. Patent caselaw calls this the "Lexicographer Rule:" A
patent applicant may be his or her own "lexicographer." For example, Merck v. Teva
Pharmaceuticals, USA, 395 F.3d 1364, 1370 (Fed. Cir. 2005) says:

. . . While in some cases there is a presumption that favors the ordinary meaning of 
a term, Tex. Digital Sys. v. Telegenix Inc., 308 F.3d 1193, 1202 (Fed.Cir.2002), the court 
must first examine the specification to determine whether the patentee acted as his own 
lexicographer of a term that already has an ordinary meaning to a person of skill in the
art. See, e.g., Renishaw PLC v. Marposs Societa' per Azioni, 158 F.3d 1243, 1250
(Fed.Cir.1998); Brookhill-Wilk, 334 F.3d at 1299. 

When a patentee acts as his own lexicographer in redefining the meaning of 
particular claim terms away from their ordinary meaning, he must clearly express that 
intent in the written description. See, e.g., Bell Atl. Network Servs. v. Covad 
Communications Group, Inc., 262 F.3d 1258, 1268 (Fed.Cir.2001). 

The present applicant has included, in the specification of this application, a 
precise definition of the term "enterprise:" 

Definition of Terms 

[0029] The following terms used in this application shall have 
the respective meanings ascribed to them below unless otherwise 
expressly defined in this application: 

[0030] Enterprise. An enterprise is a collection of computers, 
software, and networking that interconnects the computing environment of 
an organization of people. . . . 

Accordingly, all the computers, software, and networking that interconnect "an
organization of people" constitute a single enterprise. It does not matter whether they
are all in a single building, scattered over a single town, or located in several different
towns. For example, all the computers of employees of Hewlett Packard Co. located in
offices all across the United States and Europe and interconnected by a network
constitute a single "Enterprise," not a separate enterprise for every city or building
where Hewlett Packard employees reside.

With respect to the Williams, et al. prior art, the fact that the employees of a
single company are located in three different towns does not mean that there are three
different enterprises. Since all the employees work for the same corporation, they are
part of a single organization of people. And the fact that there may be separate firewalls
established in each town, or in each building, or on each floor of each building, does not,
under this definition, mean that there are multiple enterprises - there is only one
enterprise shown in Figure 1 of the Williams, et al. prior art: a single corporate-wide
enterprise of computers, software, and networking.

Since the Williams, et al. prior art discloses only one enterprise in Figure 1, and
since the claims call for the invention to be applied to multiple enterprises, the claims are
patentable over Williams et al.

For this additional reason, the claims are patentable over the prior art of record, 
and their allowance is respectfully requested. 

C. Conclusion 

In view of the above, applicant respectfully requests that this application and its amended claims
be allowed to mature into a patent. Early and favorable action is respectfully requested. 

The Examiner is invited to contact the undersigned by telephone if it is felt that a 
telephone interview would advance the prosecution of the present application. 

The Commissioner is hereby authorized to charge any additional fees which may be 
required regarding this application under 37 C.F.R. §§ 1.16-1.17, or credit any overpayment, to 
Deposit Account No. 08-2025. Should no proper payment be enclosed herewith, as by a check 
being in the wrong amount, unsigned, post-dated, otherwise improper or informal or even 
entirely missing, the Commissioner is authorized to charge the unpaid amount to Deposit 
Account No. 08-2025. If any extensions of time are needed for timely acceptance of papers
submitted herewith, Applicants hereby petition for such extension under 37 C.F.R. § 1.136 and
authorize payment of any such extension fees to Deposit Account No. 08-2025.

Respectfully submitted,



Date January 17, 2008

FOLEY & LARDNER LLP 
3000 K Street, NW 
Washington, DC 20007 
Telephone: 202-672-5399 
(Attorney William T. Ellis) 
Facsimile: 202-672-5399 



By /James A. Sprowl/ 

James A. Sprowl 
Attorney for Applicants 
Registration No. 25,061 

Telephone 847-446-7399 